[Secure-testing-commits] r31162 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Jan 6 21:10:15 UTC 2015
Author: sectracker
Date: 2015-01-06 21:10:14 +0000 (Tue, 06 Jan 2015)
New Revision: 31162
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-06 20:33:06 UTC (rev 31161)
+++ data/CVE/list 2015-01-06 21:10:14 UTC (rev 31162)
@@ -1,9 +1,9 @@
CVE-2015-XXXX [HTTP TRACE DoS]
- trafficserver <unfixed>
[wheezy] - trafficserver <not-affected> (Only affects 5.x)
- NOTE: https://issues.apache.org/jira/browse/TS-3223 (fixed in 5.1.2)
- NOTE: https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;a=commit;h=8b5f0345dade6b2822d9b52c8ad12e63011a5c12
- NOTE: notes: https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12327089&styleName=Html&projectId=12310963
+ NOTE: https://issues.apache.org/jira/browse/TS-3223 (fixed in 5.1.2)
+ NOTE: https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;a=commit;h=8b5f0345dade6b2822d9b52c8ad12e63011a5c12
+ NOTE: notes: https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12327089&styleName=Html&projectId=12310963
CVE-2014-XXXX [insecure LUA default load path]
- libquvi 0.4.1-3 (low; bug #774555)
[wheezy] - libquvi <no-dsa> (Minor issue)
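Review bot: the third NOTE re-added under CVE-2015-XXXX [HTTP TRACE DoS] reads "NOTE: notes: https://issues.apache.org/jira/secure/ReleaseNote.jspa?...", so the label is doubled. Since these three lines are being rewritten anyway, drop the inner "notes:" or say that the link is the upstream release notes, as the first NOTE does with "(fixed in 5.1.2)".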
@@ -589,6 +589,7 @@
CVE-2014-9389
RESERVED
CVE-2014-9388 (bug_report.php in MantisBT before 1.2.18 allows remote attackers to ...)
+ {DSA-3120-1}
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://www.mantisbt.org/bugs/view.php?id=17878
@@ -1625,33 +1626,39 @@
NOTE: https://forums.openvpn.net/topic17625.html
CVE-2014-9272 [XSS in string_insert_hrefs()]
RESERVED
+ {DSA-3120-1}
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://github.com/mantisbt/mantisbt/commit/05378e00
NOTE: http://www.mantisbt.org/bugs/view.php?id=17297
CVE-2014-9281 (Cross-site scripting (XSS) vulnerability in admin/copy_field.php in ...)
+ {DSA-3120-1}
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://github.com/mantisbt/mantisbt/commit/e5fc835a
NOTE: http://www.mantisbt.org/bugs/view.php?id=17876
CVE-2014-9271 [XSS in file uploads]
RESERVED
+ {DSA-3120-1}
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://www.mantisbt.org/bugs/view.php?id=17874
NOTE: http://github.com/mantisbt/mantisbt/commit/9fb8cf36f
CVE-2014-9270 (Cross-site scripting (XSS) vulnerability in the ...)
+ {DSA-3120-1}
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://github.com/mantisbt/mantisbt/commit/0bff06ec
NOTE: http://www.mantisbt.org/bugs/view.php?id=17583
CVE-2014-9269 [XSS in extended project browser]
RESERVED
+ {DSA-3120-1}
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://github.com/mantisbt/mantisbt/commit/511564cc
NOTE: http://www.mantisbt.org/bugs/view.php?id=17890
CVE-2014-9280 (The current_user_get_bug_filter function in core/current_user_api.php ...)
+ {DSA-3120-1}
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://github.com/mantisbt/mantisbt/commit/599364b2
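Review bot: every fix reference in the entries tagged here points at an abbreviated commit id over plain http, for example "NOTE: http://github.com/mantisbt/mantisbt/commit/05378e00". Now that these entries are tied to DSA-3120-1, the references are worth pinning with the full commit id and an https URL, as the CVE-2014-9117 and CVE-2014-8986 entries elsewhere in this patch already do. Note also that CVE-2014-9272, CVE-2014-9271 and CVE-2014-9269 are still RESERVED with only a bracketed working title, so the bracketed text is the only description a reader of the advisory cross-reference gets.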
@@ -1677,6 +1684,7 @@
NOTE: for pyyaml: might be need to be removed here (no-CVE assigned) or separate CVE
NOTE: for pyyaml: https://bitbucket.org/xi/pyyaml/commits/ddf211a41bb231c365fece5599b7e484e6dc33fc/raw/
CVE-2014-9117 (MantisBT before 1.2.18 uses the public_key parameter value as the key ...)
+ {DSA-3120-1}
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://github.com/mantisbt/mantisbt/commit/7bb78e4581ff1092c811ea96582fe602624cdcdd
@@ -1704,6 +1712,7 @@
NOTE: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=fd262d11 (fix null deref)
NOTE: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=f6a8a2cb (fix test suite in former commit)
CVE-2014-9089 (Multiple SQL injection vulnerabilities in view_all_bug_page.php in ...)
+ {DSA-3120-1}
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://www.mantisbt.org/bugs/view.php?id=17841
@@ -2494,6 +2503,7 @@
- linux-2.6 <not-affected> (User namespaces only usable in later kernels)
NOTE: http://thread.gmane.org/gmane.linux.man/7385/
CVE-2014-8986 (Cross-site scripting (XSS) vulnerability in the selection list in the ...)
+ {DSA-3120-1}
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://github.com/mantisbt/mantisbt/commit/cabacdc291c251bfde0dc2a2c945c02cef41bf40
@@ -2961,6 +2971,7 @@
CVE-2012-6663
RESERVED
CVE-2014-8988 (MantisBT before 1.2.18 allows remote authenticated users to bypass the ...)
+ {DSA-3120-1}
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://github.com/mantisbt/mantisbt/commit/5f0b150b
@@ -3392,6 +3403,7 @@
NOTE: https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135
NOTE: Regression introduced with https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/?id=0b8652b226a7601dfd71471797d15168a7337242 (1.16.2)
CVE-2014-8598 (The XML Import/Export plugin in MantisBT 1.2.x does not restrict ...)
+ {DSA-3120-1}
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://github.com/mantisbt/mantisbt/commit/80a15487
@@ -3457,6 +3469,7 @@
CVE-2014-8555 (Directory traversal vulnerability in report/reportViewAction.jsp in ...)
NOT-FOR-US: Progress Software OpenEdge
CVE-2014-8553 (The mci_account_get_array_by_id function in ...)
+ {DSA-3120-1}
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://www.mantisbt.org/bugs/view.php?id=17243 (currently private)
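Review bot: the NOTE kept under CVE-2014-8553 still ends in "(currently private)" while this hunk ties the entry to DSA-3120-1. Recheck whether upstream bug 17243 is public by now and update or drop the parenthetical; within the lines shown this is the entry's only reference, so a NOTE with the fix commit would help if one is known.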
@@ -3548,6 +3561,7 @@
CVE-2014-8566 (The mod_auth_mellon module before 0.8.1 allows remote attackers to ...)
- libapache2-mod-auth-mellon 0.9.1
CVE-2014-8554 (SQL injection vulnerability in the mc_project_get_attachments function ...)
+ {DSA-3120-1}
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://www.mantisbt.org/bugs/view.php?id=17812
@@ -6958,6 +6972,7 @@
CVE-2014-7147
RESERVED
CVE-2014-7146 (The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows ...)
+ {DSA-3120-1}
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://www.mantisbt.org/bugs/view.php?id=17725
@@ -8837,6 +8852,7 @@
CVE-2014-6317 (Array index error in win32k.sys in the kernel-mode drivers in ...)
NOT-FOR-US: Microsoft
CVE-2014-6316 (core/string_api.php in MantisBT before 1.2.18 does not properly ...)
+ {DSA-3120-1}
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://github.com/mantisbt/mantisbt/commit/e66ecc9f